Australia’s AML/CTF reforms are raising the bar for how reporting entities assess the people performing AML/CTF functions. For current reporting entities, the reforms commencing on 31 March 2026 formalise personnel due diligence as an ongoing obligation. AUSTRAC expects organisations to assess the skills, knowledge, expertise and integrity of personnel performing AML/CTF functions both before and during employment or engagement. For tranche 2 entities, the reforms commence on 1 July 2026.
This matters because personnel due diligence is no longer just a hiring-stage safeguard. It becomes a documented, risk-based control embedded within the AML/CTF program itself. Organisations will need to show not only that relevant personnel were suitable when appointed, but that they remain suitable as roles, responsibilities and risk exposure evolve over time. That has clear implications for recruitment, governance, record-keeping, reassessment triggers, and the way screening frameworks are designed across regulated businesses.
The enforcement backdrop makes that shift hard to ignore. In April 2022, AUSTRAC accepted an enforceable undertaking from NAB to address shortcomings in its AML/CTF compliance, including customer due diligence and AML/CTF program issues, and in July 2025 AUSTRAC announced that undertaking had been finalised after NAB satisfied its obligations. AUSTRAC has also taken major enforcement action against large institutions, including the $1.3 billion Westpac penalty, reinforcing the scale of regulatory and commercial consequences that can follow sustained AML/CTF control failures. Against that backdrop, the personnel due diligence reforms make workforce capability, integrity and oversight much harder to treat as secondary compliance concerns.
Key Takeaways:
- Personnel due diligence is becoming a core AML/CTF governance control, not just a hiring-stage safeguard. Organisations will need to treat it as an ongoing compliance obligation embedded within the AML/CTF program.
- The reforms require a more structured and role-specific approach to workforce screening, with due diligence calibrated to the responsibilities, seniority and financial crime risk exposure of each role.
- Ongoing due diligence must be supported by clear reassessment triggers and documented review processes, rather than relying on one-off pre-employment checks.
- Organisations will need defensible records showing how personnel suitability was assessed, what evidence was relied on, and how reassessments were handled over time.
- Many existing screening frameworks will require uplift, particularly where they rely on fragmented hiring processes, weak role mapping, limited AML verification expertise, or inconsistent re-screening practices.
What Are the New AML/CTF Personnel Due Diligence Requirements?
Under Australia’s AML/CTF reforms, reporting entities must assess the skills, knowledge, expertise and integrity of personnel who perform AML/CTF functions. For current reporting entities, these reforms commence on 31 March 2026. For tranche 2 entities, they commence on 1 July 2026.
These assessments must occur:
- Before a person begins employment or engagement in an AML/CTF-related role
- During their employment or engagement on an ongoing basis
Reporting entities must embed these procedures in their AML/CTF policies, tailoring them to the risk and seniority of the role, and keep records of the assessments and decisions reasonably necessary to demonstrate compliance.
What the 2026 Reforms Actually Require
Australia’s 2026 AML/CTF reforms introduce specific and enforceable personnel due diligence obligations as part of the AML/CTF program. These are not optional good-practice measures. They are formal compliance requirements that require reporting entities to assess whether relevant personnel have the skills, knowledge, expertise and integrity needed to perform AML/CTF functions.
These obligations apply not only to employees, but also to personnel an organisation employs or engages to perform AML/CTF-related functions, which may include contractors, consultants and service-provider personnel. In practice, that means organisations first need to identify which roles perform AML/CTF functions, and which of those roles carry higher levels of ML/TF or PF risk, so that due diligence can be calibrated appropriately.
Role Mapping Comes First
Before defining checks, organisations need to determine which roles in the business perform AML/CTF-related functions and which of those roles should be treated as higher risk. AUSTRAC expects entities to identify relevant roles and tailor the level of due diligence to the person’s responsibilities, seniority, and exposure to financial crime risk. That matters because the due diligence expected for a senior compliance leader, an analyst handling higher-risk alerts, or personnel working within outsourced AML operations may be materially different from the checks appropriate for someone with limited exposure to AML decision-making.
Pre-Engagement Assessments
Before any individual performs AML/CTF-related duties, organisations must assess both capability and integrity as part of the personnel due diligence framework. This is about more than generic hiring checks. It is about determining whether the individual is suitable to perform the specific AML/CTF responsibilities attached to the role.
AUSTRAC’s guidance makes clear that assessing a person’s skills, knowledge and expertise involves determining whether they can carry out the responsibilities associated with their role. That includes whether they can:
- Understand the relevant money laundering and terrorism financing (ML/TF) risks associated with the role
- Understand the applicable AML/CTF obligations that apply to the role
- Apply the organisation’s AML/CTF policies, procedures and controls effectively
Organisations may assess these capabilities through a range of methods depending on the role and the level of risk involved. These may include:
- Role-specific interviews
- Knowledge-based assessments
- Review of prior AML/CTF qualifications or relevant experience
- Validation of relevant technical skills or credentials
- Professional membership checks where relevant
- Review of publicly available professional materials where appropriate
- Evidence of previous performance in similar roles
- Reference reviews or other suitability checks that help verify capability and experience
Integrity should also be assessed before engagement, but the depth of that assessment should be proportionate to the role’s exposure to ML/TF risk. Depending on the role, integrity checks may include:
- Identity verification
- Nationally Coordinated Criminal History Checks (NCCHC)
- Bankruptcy or financial probity checks
- Sanctions screening
- Adverse global media checks
- Employment references checks
- Qualification verification
- Review of disciplinary or regulatory findings where appropriate
Not every role will require the same level of scrutiny. Higher-risk AML/CTF roles, senior compliance responsibilities, or positions with greater authority over AML controls may warrant more extensive verification than roles with narrower or lower-risk responsibilities. That is the key shift in the reforms: organisations are expected to apply a risk-based and role-specific approach to suitability, integrity and capability requirements under the personnel due diligence framework, rather than relying on uniform pre-employment checks.
Ongoing Due Diligence (The Biggest Change)
One of the most important changes is that personnel due diligence does not stop once someone is appointed. AUSTRAC expects organisations to assess relevant personnel before and during employment or engagement. In other words, suitability must be maintained over time, not just established at the start.
That means organisations need processes for reassessing whether personnel performing AML/CTF functions remain capable and appropriate for their roles as risks, responsibilities and operating conditions change.
Depending on the role and risk profile, ongoing due diligence may include:
- Periodic reassessment of competence or integrity
- Updated criminal history, sanctions or adverse media checks for high-risk roles
- Declarations or self-attestations where appropriate
- Trigger-based reviews following promotion, role change, incidents, or changing risk exposure
This is a significant shift from traditional hiring-stage screening. Workforce suitability can no longer be treated as static. Organisations must be able to show that people performing AML/CTF functions continue to meet the expectations of the role as circumstances evolve.
Documentation Requirements
The reforms also strengthen the importance of documentation. Personnel due diligence must be supported by records that show how capability and integrity were assessed, what decisions were made, and when reassessment occurred. AUSTRAC expects reporting entities to keep records reasonably necessary to demonstrate compliance and to embed their personnel due diligence procedures within AML/CTF policies.
In practice, a defensible record may include:
- Qualifications, certifications or other credentials relevant to AML/CTF responsibilities
- Results of knowledge or capability assessments used to evaluate AML/CTF competence
- Interview or assessment outcomes supporting suitability decisions
- Reference checks confirming relevant experience or professional conduct
- Integrity screening results, such as criminal history checks, sanctions screening, adverse media, or financial probity outcomes where appropriate
- Records of reassessments, including what triggered the review and the outcome
Taken together, these requirements show that personnel due diligence is no longer a simple hiring control. It is a documented, risk-based governance process designed to help organisations demonstrate that the people performing AML/CTF functions are suitably capable, trustworthy and appropriately reviewed over time.
Why This Raises the Compliance Bar
The personnel due diligence reforms significantly raise expectations around workforce screening, oversight and verification within AML/CTF programmes.
Historically, screening was often limited to pre-employment background checks, with limited structured verification once an individual was hired. The reforms introduce a different expectation: organisations must now ensure that individuals performing AML/CTF responsibilities remain suitable, competent and trustworthy throughout their employment or engagement. This shift reflects a broader move toward treating personnel due diligence as a continuous control rather than a one-time hiring activity.
Three structural changes explain why the reforms materially raise the compliance bar:
- Lifecycle employee screening: Traditional screening treats due diligence as a point-in-time exercise. The reforms require continuous reassessment as risks, roles, and circumstances evolve, moving personnel due diligence from a “checkbox exercise” to a more embedded element of organisational governance and integrity.
- Stronger governance and accountability: Governance requirements place explicit responsibilities on the governing body, senior managers, and AML/CTF compliance officers. This increases the need for clearer oversight, well-defined accountability, and defensible decision-making around the personnel performing AML/CTF functions.
- Evidence-based oversight: Regulators are focusing less on written policies and more on whether organisations can produce evidence that employee screening and suitability reassessments were performed. The key question becomes whether organisations can show that the right people were trusted with critical AML responsibilities, and that those decisions were reviewed and supported appropriately over time.
- Specialised AML/CTF screening expertise: Hiring managers and personnel responsible for employee screening must have sufficient understanding of AML/CTF obligations and financial crime risk to properly conduct and interpret Know Your Employee (KYE) and AML verification checks. Without this expertise, organisations risk relying on generic hiring checks that fail to identify suitability issues relevant to AML decision-making roles.
Taken together, the personnel reforms raise the compliance bar by increasing the level of scrutiny expected to personnel performing AML/CTF functions. Organisations will need more time, stronger verification processes, clearer documentation, and greater access to specialist screening capability to make suitability decisions that can withstand regulatory review.
For many organisations, that is where the challenge begins: existing screening frameworks were not built for this level of rigour, which is why many are likely to fall short under the new expectations.
Where Most Organisations Fall Short
Despite the heightened scrutiny introduced by the personnel due diligence reforms, many existing employee screening and personnel due diligence frameworks were designed for traditional hiring decisions rather than regulatory-level workforce verification. As organisations face higher expectations for workforce due diligence, many may struggle to adapt recruitment, engagement and screening processes that were never built for this level of regulatory scrutiny.
Several practical challenges explain why organisations will struggle to meet the new expectations.
- Reliance on one-off pre-employment checks: Many organisations rely on background checks conducted only at the hiring stage. Without structured, risk-based re-screening processes, they may struggle to maintain ongoing workforce integrity as employee risk profiles change.
- Incomplete role mapping: Many organisations focus only on named AML or compliance roles, but overlook customer-facing, operations, quality assurance, or other personnel whose work also supports AML/CTF obligations. Without clear role mapping, organisations may fail to apply appropriate personnel due diligence to all individuals performing AML/CTF-related functions.
- Outsourced workforce blind spots: Personnel due diligence may need to extend beyond direct employees to contractors, consultants and service-provider personnel involved in AML/CTF-related functions. Where screening frameworks are built only around direct hires, organisations may struggle to apply a consistent standard of due diligence across the wider workforce.
- Limited understanding of AML verification requirements: Hiring managers, recruiters and others involved in screening or engagement decisions may not work directly with AML or financial crime compliance requirements on a daily basis. Without sufficient understanding of AML verification checks and integrity screening results, organisations risk overlooking suitability issues in AML decision-making roles.
- Lack of documented competency verification: Many organisations assess candidate suitability based on experience or interview performance without formally documenting AML-relevant competency assessments. This creates gaps when regulators require evidence that individuals possess the necessary skills, knowledge and expertise.
- Absence of structured re-screening processes: Ongoing personnel due diligence requires periodic reassessment of personnel suitability. Without defined rescreening frameworks, organisations may be unable to demonstrate that workforce integrity is maintained throughout employment.
Taken together, these gaps highlight a broader challenge: many employee screening frameworks were not designed to meet the level of rigour now expected under AML/CTF personnel due diligence reforms. As scrutiny increases, organisations must move beyond fragmented hiring practices and adopt more structured approaches to workforce verification.
What Robust Workforce Due Diligence Looks Like
Effective AML/CTF personnel integrity checks require organisations to move beyond traditional hiring checks and implement structured employee screening and verification processes that are risk-based, consistently applied, and supported by clear evidence.
In practice, this means treating hiring for AML/CTF roles as a controlled verification process, where each decision is supported by appropriate checks, informed review, and clearly documented, defensible outcomes.
1. Role Mapping and Risk Tiering
Before designing checks, organisations should identify which roles perform AML/CTF-related functions, determine which of those roles are higher risk, and align due diligence requirements to each role’s responsibilities, seniority and exposure to ML/TF and PF risk. This is important because not every role requires the same depth of assessment. Roles involving AML decision-making, transaction monitoring, compliance oversight, customer due diligence, escalation, or other higher-risk financial crime responsibilities may require more extensive personnel due diligence than roles with more limited exposure. AUSTRAC’s guidance expects reporting entities to identify relevant roles and high-risk roles so that due diligence and training can be tailored appropriately.
2. Risk-Based Employee Screening
Employee screening should be calibrated based on the risk exposure and decision-making authority of each role.
Individuals performing higher-risk AML functions, such as transaction monitoring or compliance oversight, require more extensive verification checks, which may include Nationally Coordinated Criminal History Checks (NCCHC), adverse media and adverse global media searches and financial probity checks to identify potential integrity and financial risk indicators.
3. Structured AML Verification Review
Conducting checks alone is not sufficient. Organisations must ensure that screening results are properly reviewed and interpreted by individuals with an understanding of AML/CTF obligations and financial crime risk.
This is particularly important where verification results require judgement, as misinterpretation may lead to unsuitable individuals being appointed to roles responsible for AML decision-making. In these cases, weaknesses in review processes can become critical points of failure under regulatory scrutiny.
4. Controlled Decision-Making and Approval
Workforce due diligence decisions should be subject to clear approval processes, particularly for roles with higher AML/CTF risk exposure.
This ensures that hiring decisions are reviewed by appropriate qualified individuals and reduces the risk of unsuitable candidates being approved without sufficient challenge or escalation.
5. Documented and Defensible Assessment Records
All workforce due diligence activities should be supported by clear, structured assessment records for each individual performing AML/CTF functions.
These records should capture the verification checks conducted, how results were assessed, and the rationale behind the suitability decision, ensuring organisations can produce consistent, audit-ready evidence under regulatory review.
6. Embedded Ongoing Monitoring
Workforce due diligence should extend beyond hiring and be integrated into the employee lifecycle.
This includes periodic rescreening, trigger-based reassessments and ongoing integrity monitoring, ensuring that workforce suitability is maintained as roles, risks and individual circumstances change.
Why Building This Internally is Difficult
While these elements define what robust workforce due diligence should look like, implementing this level of screening and verification in-house requires organisations to build and sustain internal processes, expertise and controls aligned with AML/CTF personnel due diligence expectations.
In practice, several challenges make this difficult to deliver consistently:
- Limited internal time and screening experience: Conducting AML verification checks such as criminal history screening, sanctions checks and adverse media searches requires both time and specialised expertise, particularly for roles performing AML/CTF functions. Where hiring teams do not regularly conduct or review these checks, interpreting results accurately can be time-intensive and may lead to inconsistent suitability assessments or decisions that are difficult to justify under regulatory scrutiny.
- Access to screening systems and verification data: Maintaining access to screening systems, data sources and verification networks requires ongoing financial investment, including subscription fees, system integration and vendor management. These can be costly for internal teams and may still limit the depth, consistency and timeliness of workforce verification processes.
- Inconsistent application of personnel due diligence requirements: Without a structured and centralised approach to AML workforce screening, different hiring decisions may apply varying levels of verification and assessment. This creates inconsistencies in how personnel suitability, integrity and capability requirements are evaluated and makes it difficult to demonstrate that personnel due diligence obligations are being applied consistently under regulatory review.
- Cost and risk of unsuitable hiring decisions: Where AML workforce screening is not sufficiently robust, organisations risk appointing or retaining individuals who are not suitable for roles with financial crime responsibilities. The cost of correcting those decisions extends beyond recruitment to include operational disruption and weakened AML control environments.
Taken together, these challenges highlight that delivering workforce due diligence at the standard expected under AML/CTF reforms is not just a question of process design, but of consistent execution at scale. For many organisations, ensuring that every hiring decision meets the same standard of verification and assessment remains difficult. This is why some organisations are reassessing whether existing internal processes are sufficient for the level of consistency and evidence the reforms are likely to require.
How TalentScreen by MVSI Enables a Defensible Approach
As workforce due diligence requirements increase, the challenge is not only understanding what checks to perform, but ensuring they are applied consistently and thoroughly across relevant roles. For organisations that need additional operational support, specialist screening partners can help embed more consistent and defensible personnel due diligence processes.
TalentScreen by MVSI is a pre-employment screening and background checking provider that supports organisations with criminal history screening, financial probity checks, employment history verification, reference checks and adverse media searches. It can also support standard checks aligned to Know Your Employee (KYE) and AML requirements relevant to personnel due diligence.
Delivered through a structured and consistently applied process, these checks can help organisations improve consistency, maintain clearer evidence of what was assessed, and reduce the operational burden of managing personnel due diligence internally. This is particularly valuable where organisations need to apply role-based checks more consistently and demonstrate that suitability decisions are supported by appropriate verification.
The Bottom Line
Under Australia’s 2026 AML/CTF reforms, personnel due diligence is no longer a one-off hiring check but a continuous, evidence-based obligation. Organisations must assess and document the competence and integrity of personnel performing AML/CTF functions before engagement and throughout employment or engagement.
For compliance, risk, financial crime and HR leaders, this places greater scrutiny on how organisations assess and evidence the suitability of personnel performing AML/CTF functions, both at the point of engagement and over time. Standard background checks are no longer sufficient. Organisations must implement structured verification, ongoing monitoring, and maintain clear audit trails to demonstrate that suitability decisions are supported by appropriate evidence.
Without this, personnel due diligence decisions may be difficult to defend under regulatory review.
Ready to assess your organisation’s readiness?
A workforce due diligence gap analysis can identify vulnerabilities, prioritise actions, and clarify next steps before enforcement begins. Speak to an expert today.
